Merge branch 'wip-mdl-31969' of git://github.com/rajeshtaneja/moodle
[moodle.git] / lib / db / access.php
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 // GNU General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
17 /**
18  * Capability definitions for Moodle core.
19  *
20  * The capabilities are loaded into the database table when the module is
21  * installed or updated. Whenever the capability definitions are updated,
22  * the module version number should be bumped up.
23  *
24  * The system has four possible values for a capability:
25  * CAP_ALLOW, CAP_PREVENT, CAP_PROHIBIT, and inherit (not set).
26  *
27  *
28  * CAPABILITY NAMING CONVENTION
29  *
30  * It is important that capability names are unique. The naming convention
31  * for capabilities that are specific to modules and blocks is as follows:
32  *   [mod/block]/<plugin_name>:<capabilityname>
33  *
34  * component_name should be the same as the directory name of the mod or block.
35  *
36  * Core moodle capabilities are defined thus:
37  *    moodle/<capabilityclass>:<capabilityname>
38  *
39  * Examples: mod/forum:viewpost
40  *           block/recent_activity:view
41  *           moodle/site:deleteuser
42  *
43  * The variable name for the capability definitions array is $capabilities
44  *
45  * For more information, take a look to the documentation available:
46  *     - Access API: {@link http://docs.moodle.org/dev/Access_API}
47  *     - Upgrade API: {@link http://docs.moodle.org/dev/Upgrade_API}
48  *
49  * @package   core_access
50  * @category  access
51  * @copyright 2006 onwards Martin Dougiamas  http://dougiamas.com
52  * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
53  */
55 defined('MOODLE_INTERNAL') || die();
57 $capabilities = array(
58     'moodle/site:config' => array(
60         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG | RISK_DATALOSS,
62         'captype' => 'write',
63         'contextlevel' => CONTEXT_SYSTEM,
64         'archetypes' => array(
65         )
66     ),
68     'moodle/site:readallmessages' => array(
70         'riskbitmask' => RISK_PERSONAL,
72         'captype' => 'read',
73         'contextlevel' => CONTEXT_SYSTEM,
74         'archetypes' => array(
75             'manager' => CAP_ALLOW,
76             'editingteacher' => CAP_ALLOW
77         )
78     ),
80     'moodle/site:sendmessage' => array(
82         'riskbitmask' => RISK_SPAM,
84         'captype' => 'write',
85         'contextlevel' => CONTEXT_SYSTEM,
86         'archetypes' => array(
87             'manager' => CAP_ALLOW,
88             'user' => CAP_ALLOW
89         )
90     ),
92     'moodle/site:approvecourse' => array(
94         'riskbitmask' => RISK_XSS,
96         'captype' => 'write',
97         'contextlevel' => CONTEXT_SYSTEM,
98         'archetypes' => array(
99             'manager' => CAP_ALLOW
100         )
101     ),
103     'moodle/backup:backupcourse' => array(
105         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
107         'captype' => 'write',
108         'contextlevel' => CONTEXT_COURSE,
109         'archetypes' => array(
110             'editingteacher' => CAP_ALLOW,
111             'manager' => CAP_ALLOW
112         ),
114         'clonepermissionsfrom' =>  'moodle/site:backup'
115     ),
117     'moodle/backup:backupsection' => array(
119         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
121         'captype' => 'write',
122         'contextlevel' => CONTEXT_COURSE,
123         'archetypes' => array(
124             'editingteacher' => CAP_ALLOW,
125             'manager' => CAP_ALLOW
126         ),
128         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
129     ),
131     'moodle/backup:backupactivity' => array(
133         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
135         'captype' => 'write',
136         'contextlevel' => CONTEXT_MODULE,
137         'archetypes' => array(
138             'editingteacher' => CAP_ALLOW,
139             'manager' => CAP_ALLOW
140         ),
142         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
143     ),
145     'moodle/backup:backuptargethub' => array(
147         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
149         'captype' => 'write',
150         'contextlevel' => CONTEXT_COURSE,
151         'archetypes' => array(
152             'editingteacher' => CAP_ALLOW,
153             'manager' => CAP_ALLOW
154         ),
156         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
157     ),
159     'moodle/backup:backuptargetimport' => array(
161         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
163         'captype' => 'write',
164         'contextlevel' => CONTEXT_COURSE,
165         'archetypes' => array(
166             'editingteacher' => CAP_ALLOW,
167             'manager' => CAP_ALLOW
168         ),
170         'clonepermissionsfrom' =>  'moodle/backup:backupcourse'
171     ),
173     'moodle/backup:downloadfile' => array(
175         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
177         'captype' => 'write',
178         'contextlevel' => CONTEXT_COURSE,
179         'archetypes' => array(
180             'editingteacher' => CAP_ALLOW,
181             'manager' => CAP_ALLOW
182         ),
184         'clonepermissionsfrom' =>  'moodle/site:backupdownload'
185     ),
187     'moodle/backup:configure' => array(
189         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
191         'captype' => 'write',
192         'contextlevel' => CONTEXT_COURSE,
193         'archetypes' => array(
194             'editingteacher' => CAP_ALLOW,
195             'manager' => CAP_ALLOW
196         )
197     ),
199     'moodle/backup:userinfo' => array(
201         'riskbitmask' => RISK_PERSONAL,
203         'captype' => 'read',
204         'contextlevel' => CONTEXT_COURSE,
205         'archetypes' => array(
206             'manager' => CAP_ALLOW
207         )
208     ),
210     'moodle/backup:anonymise' => array(
212         'riskbitmask' => RISK_PERSONAL,
214         'captype' => 'read',
215         'contextlevel' => CONTEXT_COURSE,
216         'archetypes' => array(
217             'manager' => CAP_ALLOW
218         )
219     ),
221     'moodle/restore:restorecourse' => array(
223         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
225         'captype' => 'write',
226         'contextlevel' => CONTEXT_COURSE,
227         'archetypes' => array(
228             'editingteacher' => CAP_ALLOW,
229             'manager' => CAP_ALLOW
230         ),
232         'clonepermissionsfrom' =>  'moodle/site:restore'
233     ),
235     'moodle/restore:restoresection' => array(
237         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
239         'captype' => 'write',
240         'contextlevel' => CONTEXT_COURSE,
241         'archetypes' => array(
242             'editingteacher' => CAP_ALLOW,
243             'manager' => CAP_ALLOW
244         ),
246         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
247     ),
249     'moodle/restore:restoreactivity' => array(
251         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
253         'captype' => 'write',
254         'contextlevel' => CONTEXT_COURSE,
255         'archetypes' => array(
256             'editingteacher' => CAP_ALLOW,
257             'manager' => CAP_ALLOW
258         ),
260         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
261     ),
263     'moodle/restore:viewautomatedfilearea' => array(
265         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
267         'captype' => 'write',
268         'contextlevel' => CONTEXT_COURSE,
269     ),
271     'moodle/restore:restoretargethub' => array(
273         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
275         'captype' => 'write',
276         'contextlevel' => CONTEXT_COURSE,
277         'archetypes' => array(
278             'editingteacher' => CAP_ALLOW,
279             'manager' => CAP_ALLOW
280         ),
282         'clonepermissionsfrom' =>  'moodle/restore:restorecourse'
283     ),
285     'moodle/restore:restoretargetimport' => array(
287         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
289         'captype' => 'write',
290         'contextlevel' => CONTEXT_COURSE,
291         'archetypes' => array(
292             'editingteacher' => CAP_ALLOW,
293             'manager' => CAP_ALLOW
294         ),
296         'clonepermissionsfrom' =>  'moodle/site:import'
297     ),
299     'moodle/restore:uploadfile' => array(
301         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
303         'captype' => 'write',
304         'contextlevel' => CONTEXT_COURSE,
305         'archetypes' => array(
306             'editingteacher' => CAP_ALLOW,
307             'manager' => CAP_ALLOW
308         ),
310         'clonepermissionsfrom' =>  'moodle/site:backupupload'
311     ),
313     'moodle/restore:configure' => array(
315         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
317         'captype' => 'write',
318         'contextlevel' => CONTEXT_COURSE,
319         'archetypes' => array(
320             'editingteacher' => CAP_ALLOW,
321             'manager' => CAP_ALLOW
322         )
323     ),
325     'moodle/restore:rolldates' => array(
327         'captype' => 'write',
328         'contextlevel' => CONTEXT_COURSE,
329         'archetypes' => array(
330             'coursecreator' => CAP_ALLOW,
331             'manager' => CAP_ALLOW
332         )
333     ),
335     'moodle/restore:userinfo' => array(
337         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
339         'captype' => 'write',
340         'contextlevel' => CONTEXT_COURSE,
341         'archetypes' => array(
342             'manager' => CAP_ALLOW
343         )
344     ),
346     'moodle/restore:createuser' => array(
348         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
350         'captype' => 'write',
351         'contextlevel' => CONTEXT_SYSTEM,
352         'archetypes' => array(
353             'manager' => CAP_ALLOW
354         )
355     ),
357     'moodle/site:manageblocks' => array(
359         'riskbitmask' => RISK_SPAM | RISK_XSS,
361         'captype' => 'write',
362         'contextlevel' => CONTEXT_BLOCK,
363         'archetypes' => array(
364             'editingteacher' => CAP_ALLOW,
365             'manager' => CAP_ALLOW
366         )
367     ),
369     'moodle/site:accessallgroups' => array(
371         'captype' => 'read',
372         'contextlevel' => CONTEXT_COURSE,
373         'archetypes' => array(
374             'teacher' => CAP_ALLOW,
375             'editingteacher' => CAP_ALLOW,
376             'manager' => CAP_ALLOW
377         )
378     ),
380     'moodle/site:viewfullnames' => array(
382         'captype' => 'read',
383         'contextlevel' => CONTEXT_COURSE,
384         'archetypes' => array(
385             'teacher' => CAP_ALLOW,
386             'editingteacher' => CAP_ALLOW,
387             'manager' => CAP_ALLOW
388         )
389     ),
391     // In reports that give lists of users, extra information about each user's
392     // identity (the fields configured in site option showuseridentity) will be
393     // displayed to users who have this capability.
394     'moodle/site:viewuseridentity' => array(
396         'captype' => 'read',
397         'contextlevel' => CONTEXT_COURSE,
398         'archetypes' => array(
399             'teacher' => CAP_ALLOW,
400             'editingteacher' => CAP_ALLOW,
401             'manager' => CAP_ALLOW
402         )
403     ),
405     'moodle/site:viewreports' => array(
407         'riskbitmask' => RISK_PERSONAL,
409         'captype' => 'read',
410         'contextlevel' => CONTEXT_COURSE,
411         'archetypes' => array(
412             'teacher' => CAP_ALLOW,
413             'editingteacher' => CAP_ALLOW,
414             'manager' => CAP_ALLOW
415         )
416     ),
418     'moodle/site:trustcontent' => array(
420         'riskbitmask' => RISK_XSS,
422         'captype' => 'write',
423         'contextlevel' => CONTEXT_COURSE,
424         'archetypes' => array(
425             'editingteacher' => CAP_ALLOW,
426             'manager' => CAP_ALLOW
427         )
428     ),
430     'moodle/site:uploadusers' => array(
432         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
434         'captype' => 'write',
435         'contextlevel' => CONTEXT_SYSTEM,
436         'archetypes' => array(
437             'manager' => CAP_ALLOW
438         )
439     ),
441     // Permission to manage filter setting overrides in subcontexts.
442     'moodle/filter:manage' => array(
444         'captype' => 'write',
445         'contextlevel' => CONTEXT_COURSE,
446         'archetypes' => array(
447             'editingteacher' => CAP_ALLOW,
448             'manager' => CAP_ALLOW,
449         )
450     ),
452     'moodle/user:create' => array(
454         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
456         'captype' => 'write',
457         'contextlevel' => CONTEXT_SYSTEM,
458         'archetypes' => array(
459             'manager' => CAP_ALLOW
460         )
461     ),
463     'moodle/user:delete' => array(
465         'riskbitmask' => RISK_PERSONAL, RISK_DATALOSS,
467         'captype' => 'write',
468         'contextlevel' => CONTEXT_SYSTEM,
469         'archetypes' => array(
470             'manager' => CAP_ALLOW
471         )
472     ),
474     'moodle/user:update' => array(
476         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
478         'captype' => 'write',
479         'contextlevel' => CONTEXT_SYSTEM,
480         'archetypes' => array(
481             'manager' => CAP_ALLOW
482         )
483     ),
485     'moodle/user:viewdetails' => array(
487         'captype' => 'read',
488         'contextlevel' => CONTEXT_COURSE,
489         'archetypes' => array(
490             'guest' => CAP_ALLOW,
491             'student' => CAP_ALLOW,
492             'teacher' => CAP_ALLOW,
493             'editingteacher' => CAP_ALLOW,
494             'manager' => CAP_ALLOW
495         )
496     ),
498     'moodle/user:viewalldetails' => array(
499         'riskbitmask' => RISK_PERSONAL,
500         'captype' => 'read',
501         'contextlevel' => CONTEXT_USER,
502         'archetypes' => array(
503             'manager' => CAP_ALLOW
504         ),
505         'clonepermissionsfrom' => 'moodle/user:update'
506     ),
508     'moodle/user:viewhiddendetails' => array(
510         'riskbitmask' => RISK_PERSONAL,
512         'captype' => 'read',
513         'contextlevel' => CONTEXT_COURSE,
514         'archetypes' => array(
515             'teacher' => CAP_ALLOW,
516             'editingteacher' => CAP_ALLOW,
517             'manager' => CAP_ALLOW
518         )
519     ),
521     'moodle/user:loginas' => array(
523         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS | RISK_CONFIG,
525         'captype' => 'write',
526         'contextlevel' => CONTEXT_COURSE,
527         'archetypes' => array(
528             'manager' => CAP_ALLOW
529         )
530     ),
532     // can the user manage the system default profile page?
533     'moodle/user:managesyspages' => array(
535         'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
537         'captype' => 'write',
538         'contextlevel' => CONTEXT_SYSTEM,
539         'archetypes' => array(
540             'manager' => CAP_ALLOW
541         )
542     ),
544     // can the user manage another user's profile page?
545     'moodle/user:manageblocks' => array(
547         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
549         'captype' => 'write',
550         'contextlevel' => CONTEXT_USER
551     ),
553     // can the user manage their own profile page?
554     'moodle/user:manageownblocks' => array(
556         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
558         'captype' => 'write',
559         'contextlevel' => CONTEXT_SYSTEM,
560         'archetypes' => array(
561             'user' => CAP_ALLOW
562         )
563     ),
565     // can the user manage their own files?
566     'moodle/user:manageownfiles' => array(
568         'riskbitmap' => RISK_SPAM | RISK_PERSONAL,
570         'captype' => 'write',
571         'contextlevel' => CONTEXT_SYSTEM,
572         'archetypes' => array(
573             'user' => CAP_ALLOW
574         )
575     ),
577     // Can the user ignore the setting userquota?
578     // The permissions are cloned from ignorefilesizelimits as it was partly used for that purpose.
579     'moodle/user:ignoreuserquota' => array(
580         'riskbitmap' => RISK_SPAM,
581         'captype' => 'write',
582         'contextlevel' => CONTEXT_SYSTEM,
583         'clonepermissionsfrom' => 'moodle/course:ignorefilesizelimits'
584     ),
586     // can the user manage the system default dashboard page?
587     'moodle/my:configsyspages' => array(
589         'riskbitmap' => RISK_SPAM | RISK_PERSONAL | RISK_CONFIG,
591         'captype' => 'write',
592         'contextlevel' => CONTEXT_SYSTEM,
593         'archetypes' => array(
594             'manager' => CAP_ALLOW
595         )
596     ),
598     'moodle/role:assign' => array(
600         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
602         'captype' => 'write',
603         'contextlevel' => CONTEXT_COURSE,
604         'archetypes' => array(
605             'editingteacher' => CAP_ALLOW,
606             'manager' => CAP_ALLOW
607         )
608     ),
610     'moodle/role:review' => array(
612         'riskbitmask' => RISK_PERSONAL,
614         'captype' => 'read',
615         'contextlevel' => CONTEXT_COURSE,
616         'archetypes' => array(
617             'teacher' => CAP_ALLOW,
618             'editingteacher' => CAP_ALLOW,
619             'manager' => CAP_ALLOW
620         )
621     ),
623     'moodle/role:override' => array(
625         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
627         'captype' => 'write',
628         'contextlevel' => CONTEXT_COURSE,
629         'archetypes' => array(
630             'manager' => CAP_ALLOW
631         )
632     ),
634     'moodle/role:safeoverride' => array(
636         'riskbitmask' => RISK_SPAM,
638         'captype' => 'write',
639         'contextlevel' => CONTEXT_COURSE,
640         'archetypes' => array(
641             'editingteacher' => CAP_ALLOW
642         )
643     ),
645     'moodle/role:manage' => array(
647         'riskbitmask' => RISK_SPAM | RISK_PERSONAL | RISK_XSS,
649         'captype' => 'write',
650         'contextlevel' => CONTEXT_SYSTEM,
651         'archetypes' => array(
652             'manager' => CAP_ALLOW
653         )
654     ),
656     'moodle/role:switchroles' => array(
658         'riskbitmask' => RISK_XSS | RISK_PERSONAL,
660         'captype' => 'read',
661         'contextlevel' => CONTEXT_COURSE,
662         'archetypes' => array(
663             'editingteacher' => CAP_ALLOW,
664             'manager' => CAP_ALLOW
665         )
666     ),
668     // Create, update and delete course categories. (Deleting a course category
669     // does not let you delete the courses it contains, unless you also have
670     // moodle/course: delete.) Creating and deleting requires this permission in
671     // the parent category.
672     'moodle/category:manage' => array(
674         'riskbitmask' => RISK_XSS,
676         'captype' => 'write',
677         'contextlevel' => CONTEXT_COURSECAT,
678         'archetypes' => array(
679             'manager' => CAP_ALLOW
680         ),
681         'clonepermissionsfrom' => 'moodle/category:update'
682     ),
684     'moodle/category:viewhiddencategories' => array(
686         'captype' => 'read',
687         'contextlevel' => CONTEXT_COURSECAT,
688         'archetypes' => array(
689             'coursecreator' => CAP_ALLOW,
690             'manager' => CAP_ALLOW
691         ),
692         'clonepermissionsfrom' => 'moodle/category:visibility'
693     ),
695     // create, delete, move cohorts in system and course categories,
696     // (cohorts with component !== null can be only moved)
697     'moodle/cohort:manage' => array(
699         'captype' => 'write',
700         'contextlevel' => CONTEXT_COURSECAT,
701         'archetypes' => array(
702             'manager' => CAP_ALLOW
703         )
704     ),
706     // add and remove cohort members (only for cohorts where component !== null)
707     'moodle/cohort:assign' => array(
709         'captype' => 'write',
710         'contextlevel' => CONTEXT_COURSECAT,
711         'archetypes' => array(
712             'manager' => CAP_ALLOW
713         )
714     ),
716     // view members of a cohort, this can be used in course context too,
717     // this also controls the ability to actually use cohort
718     'moodle/cohort:view' => array(
720         'captype' => 'read',
721         'contextlevel' => CONTEXT_COURSE,
722         'archetypes' => array(
723             'editingteacher' => CAP_ALLOW,
724             'manager' => CAP_ALLOW
725         )
726     ),
728     'moodle/course:create' => array(
730         'riskbitmask' => RISK_XSS,
732         'captype' => 'write',
733         'contextlevel' => CONTEXT_COURSECAT,
734         'archetypes' => array(
735             'coursecreator' => CAP_ALLOW,
736             'manager' => CAP_ALLOW
737         )
738     ),
740     'moodle/course:request' => array(
741         'captype' => 'write',
742         'contextlevel' => CONTEXT_SYSTEM,
743         'archetypes' => array(
744             'user' => CAP_ALLOW,
745         )
746     ),
748     'moodle/course:delete' => array(
750         'riskbitmask' => RISK_DATALOSS,
752         'captype' => 'write',
753         'contextlevel' => CONTEXT_COURSE,
754         'archetypes' => array(
755             'manager' => CAP_ALLOW
756         )
757     ),
759     'moodle/course:update' => array(
761         'riskbitmask' => RISK_XSS,
763         'captype' => 'write',
764         'contextlevel' => CONTEXT_COURSE,
765         'archetypes' => array(
766             'editingteacher' => CAP_ALLOW,
767             'manager' => CAP_ALLOW
768         )
769     ),
771     'moodle/course:view' => array(
773         'captype' => 'read',
774         'contextlevel' => CONTEXT_COURSE,
775         'archetypes' => array(
776             'manager' => CAP_ALLOW,
777         )
778     ),
780     /* review course enrolments - no group restrictions, it is really full access to all participants info*/
781     'moodle/course:enrolreview' => array(
783         'riskbitmask' => RISK_PERSONAL,
785         'captype' => 'read',
786         'contextlevel' => CONTEXT_COURSE,
787         'archetypes' => array(
788             'editingteacher' => CAP_ALLOW,
789             'manager' => CAP_ALLOW,
790         )
791     ),
793     /* add, remove, hide enrol instances in courses */
794     'moodle/course:enrolconfig' => array(
796         'riskbitmask' => RISK_PERSONAL,
798         'captype' => 'write',
799         'contextlevel' => CONTEXT_COURSE,
800         'archetypes' => array(
801             'editingteacher' => CAP_ALLOW,
802             'manager' => CAP_ALLOW,
803         )
804     ),
806     'moodle/course:bulkmessaging' => array(
808         'riskbitmask' => RISK_SPAM,
810         'captype' => 'write',
811         'contextlevel' => CONTEXT_COURSE,
812         'archetypes' => array(
813             'teacher' => CAP_ALLOW,
814             'editingteacher' => CAP_ALLOW,
815             'manager' => CAP_ALLOW
816         )
817     ),
819     'moodle/course:viewhiddenuserfields' => array(
821         'riskbitmask' => RISK_PERSONAL,
823         'captype' => 'read',
824         'contextlevel' => CONTEXT_COURSE,
825         'archetypes' => array(
826             'teacher' => CAP_ALLOW,
827             'editingteacher' => CAP_ALLOW,
828             'manager' => CAP_ALLOW
829         )
830     ),
832     'moodle/course:viewhiddencourses' => array(
834         'captype' => 'read',
835         'contextlevel' => CONTEXT_COURSE,
836         'archetypes' => array(
837             'coursecreator' => CAP_ALLOW,
838             'teacher' => CAP_ALLOW,
839             'editingteacher' => CAP_ALLOW,
840             'manager' => CAP_ALLOW
841         )
842     ),
844     'moodle/course:visibility' => array(
846         'captype' => 'write',
847         'contextlevel' => CONTEXT_COURSE,
848         'archetypes' => array(
849             'editingteacher' => CAP_ALLOW,
850             'manager' => CAP_ALLOW
851         )
852     ),
854     'moodle/course:managefiles' => array(
856         'riskbitmask' => RISK_XSS,
858         'captype' => 'write',
859         'contextlevel' => CONTEXT_COURSE,
860         'archetypes' => array(
861             'editingteacher' => CAP_ALLOW,
862             'manager' => CAP_ALLOW
863         )
864     ),
866     'moodle/course:ignorefilesizelimits' => array(
868         'captype' => 'write',
869         'contextlevel' => CONTEXT_COURSE,
870         'archetypes' => array(
871         )
872     ),
874     'moodle/course:manageactivities' => array(
876         'riskbitmask' => RISK_XSS,
878         'captype' => 'write',
879         'contextlevel' => CONTEXT_MODULE,
880         'archetypes' => array(
881             'editingteacher' => CAP_ALLOW,
882             'manager' => CAP_ALLOW
883         )
884     ),
886     'moodle/course:activityvisibility' => array(
888         'captype' => 'write',
889         'contextlevel' => CONTEXT_MODULE,
890         'archetypes' => array(
891             'editingteacher' => CAP_ALLOW,
892             'manager' => CAP_ALLOW
893         )
894     ),
896     'moodle/course:viewhiddenactivities' => array(
898         'captype' => 'write',
899         'contextlevel' => CONTEXT_MODULE,
900         'archetypes' => array(
901             'teacher' => CAP_ALLOW,
902             'editingteacher' => CAP_ALLOW,
903             'manager' => CAP_ALLOW
904         )
905     ),
907     'moodle/course:viewparticipants' => array(
909         'captype' => 'read',
910         'contextlevel' => CONTEXT_COURSE,
911         'archetypes' => array(
912             'student' => CAP_ALLOW,
913             'teacher' => CAP_ALLOW,
914             'editingteacher' => CAP_ALLOW,
915             'manager' => CAP_ALLOW
916         )
917     ),
919     'moodle/course:changefullname' => array(
921         'riskbitmask' => RISK_XSS,
923         'captype' => 'write',
924         'contextlevel' => CONTEXT_COURSE,
925         'archetypes' => array(
926             'editingteacher' => CAP_ALLOW,
927             'manager' => CAP_ALLOW
928         ),
929         'clonepermissionsfrom' => 'moodle/course:update'
930     ),
932     'moodle/course:changeshortname' => array(
934         'riskbitmask' => RISK_XSS,
936         'captype' => 'write',
937         'contextlevel' => CONTEXT_COURSE,
938         'archetypes' => array(
939             'editingteacher' => CAP_ALLOW,
940             'manager' => CAP_ALLOW
941         ),
942         'clonepermissionsfrom' => 'moodle/course:update'
943     ),
945     'moodle/course:changeidnumber' => array(
947         'riskbitmask' => RISK_XSS,
949         'captype' => 'write',
950         'contextlevel' => CONTEXT_COURSE,
951         'archetypes' => array(
952             'editingteacher' => CAP_ALLOW,
953             'manager' => CAP_ALLOW
954         ),
955         'clonepermissionsfrom' => 'moodle/course:update'
956     ),
957     'moodle/course:changecategory' => array(
958         'riskbitmask' => RISK_XSS,
960         'captype' => 'write',
961         'contextlevel' => CONTEXT_COURSE,
962         'archetypes' => array(
963             'editingteacher' => CAP_ALLOW,
964             'manager' => CAP_ALLOW
965         ),
966         'clonepermissionsfrom' => 'moodle/course:update'
967     ),
969     'moodle/course:changesummary' => array(
970         'riskbitmask' => RISK_XSS,
972         'captype' => 'write',
973         'contextlevel' => CONTEXT_COURSE,
974         'archetypes' => array(
975             'editingteacher' => CAP_ALLOW,
976             'manager' => CAP_ALLOW
977         ),
978         'clonepermissionsfrom' => 'moodle/course:update'
979     ),
982     'moodle/site:viewparticipants' => array(
984         'captype' => 'read',
985         'contextlevel' => CONTEXT_SYSTEM,
986         'archetypes' => array(
987             'manager' => CAP_ALLOW
988         )
989     ),
991     'moodle/course:isincompletionreports' => array(
992         'captype' => 'read',
993         'contextlevel' => CONTEXT_COURSE,
994         'archetypes' => array(
995             'student' => CAP_ALLOW,
996         ),
997     ),
999     'moodle/course:viewscales' => array(
1001         'captype' => 'read',
1002         'contextlevel' => CONTEXT_COURSE,
1003         'archetypes' => array(
1004             'student' => CAP_ALLOW,
1005             'teacher' => CAP_ALLOW,
1006             'editingteacher' => CAP_ALLOW,
1007             'manager' => CAP_ALLOW
1008         )
1009     ),
1011     'moodle/course:managescales' => array(
1013         'captype' => 'write',
1014         'contextlevel' => CONTEXT_COURSE,
1015         'archetypes' => array(
1016             'editingteacher' => CAP_ALLOW,
1017             'manager' => CAP_ALLOW
1018         )
1019     ),
1021     'moodle/course:managegroups' => array(
1023         'captype' => 'write',
1024         'contextlevel' => CONTEXT_COURSE,
1025         'archetypes' => array(
1026             'editingteacher' => CAP_ALLOW,
1027             'manager' => CAP_ALLOW
1028         )
1029     ),
1031     'moodle/course:reset' => array(
1033         'riskbitmask' => RISK_DATALOSS,
1035         'captype' => 'write',
1036         'contextlevel' => CONTEXT_COURSE,
1037         'archetypes' => array(
1038             'editingteacher' => CAP_ALLOW,
1039             'manager' => CAP_ALLOW
1040         )
1041     ),
1043     'moodle/course:viewsuspendedusers' => array(
1045         'captype' => 'read',
1046         'contextlevel' => CONTEXT_SYSTEM,
1047         'archetypes' => array(
1048             'editingteacher' => CAP_ALLOW,
1049             'manager' => CAP_ALLOW
1050         )
1051     ),
1053     'moodle/blog:view' => array(
1055         'captype' => 'read',
1056         'contextlevel' => CONTEXT_SYSTEM,
1057         'archetypes' => array(
1058             'guest' => CAP_ALLOW,
1059             'user' => CAP_ALLOW,
1060             'student' => CAP_ALLOW,
1061             'teacher' => CAP_ALLOW,
1062             'editingteacher' => CAP_ALLOW,
1063             'manager' => CAP_ALLOW
1064         )
1065     ),
1067     'moodle/blog:search' => array(
1068         'captype' => 'read',
1069         'contextlevel' => CONTEXT_SYSTEM,
1070         'archetypes' => array(
1071             'guest' => CAP_ALLOW,
1072             'user' => CAP_ALLOW,
1073             'student' => CAP_ALLOW,
1074             'teacher' => CAP_ALLOW,
1075             'editingteacher' => CAP_ALLOW,
1076             'manager' => CAP_ALLOW
1077         )
1078     ),
1080     'moodle/blog:viewdrafts' => array(
1082         'riskbitmask' => RISK_PERSONAL,
1083         'captype' => 'read',
1084         'contextlevel' => CONTEXT_SYSTEM,
1085         'archetypes' => array(
1086             'manager' => CAP_ALLOW
1087         )
1088     ),
1090     'moodle/blog:create' => array( // works in CONTEXT_SYSTEM only
1092         'riskbitmask' => RISK_SPAM,
1094         'captype' => 'write',
1095         'contextlevel' => CONTEXT_SYSTEM,
1096         'archetypes' => array(
1097             'user' => CAP_ALLOW,
1098             'manager' => CAP_ALLOW
1099         )
1100     ),
1102     'moodle/blog:manageentries' => array(
1104         'riskbitmask' => RISK_SPAM,
1106         'captype' => 'write',
1107         'contextlevel' => CONTEXT_SYSTEM,
1108         'archetypes' => array(
1109             'teacher' => CAP_ALLOW,
1110             'editingteacher' => CAP_ALLOW,
1111             'manager' => CAP_ALLOW
1112         )
1113     ),
1115     'moodle/blog:manageexternal' => array(
1117         'riskbitmask' => RISK_SPAM,
1119         'captype' => 'write',
1120         'contextlevel' => CONTEXT_SYSTEM,
1121         'archetypes' => array(
1122             'student' => CAP_ALLOW,
1123             'user' => CAP_ALLOW,
1124             'teacher' => CAP_ALLOW,
1125             'editingteacher' => CAP_ALLOW,
1126             'manager' => CAP_ALLOW
1127         )
1128     ),
1130     'moodle/blog:associatecourse' => array(
1132         'captype' => 'write',
1133         'contextlevel' => CONTEXT_COURSE,
1134         'archetypes' => array(
1135             'student' => CAP_ALLOW,
1136             'user' => CAP_ALLOW,
1137             'teacher' => CAP_ALLOW,
1138             'editingteacher' => CAP_ALLOW,
1139             'manager' => CAP_ALLOW
1140         )
1141     ),
1143     'moodle/blog:associatemodule' => array(
1145         'captype' => 'write',
1146         'contextlevel' => CONTEXT_MODULE,
1147         'archetypes' => array(
1148             'student' => CAP_ALLOW,
1149             'user' => CAP_ALLOW,
1150             'teacher' => CAP_ALLOW,
1151             'editingteacher' => CAP_ALLOW,
1152             'manager' => CAP_ALLOW
1153         )
1154     ),
1156     'moodle/calendar:manageownentries' => array( // works in CONTEXT_SYSTEM only
1158         'riskbitmask' => RISK_SPAM,
1160         'captype' => 'write',
1161         'contextlevel' => CONTEXT_COURSE,
1162         'archetypes' => array(
1163             'user' => CAP_ALLOW,
1164             'manager' => CAP_ALLOW
1165         )
1166     ),
1168     'moodle/calendar:managegroupentries' => array(
1170         'riskbitmask' => RISK_SPAM,
1172         'captype' => 'write',
1173         'contextlevel' => CONTEXT_COURSE,
1174         'archetypes' => array(
1175             'teacher' => CAP_ALLOW,
1176             'editingteacher' => CAP_ALLOW,
1177             'manager' => CAP_ALLOW
1178         )
1179     ),
1181     'moodle/calendar:manageentries' => array(
1183         'riskbitmask' => RISK_SPAM,
1185         'captype' => 'write',
1186         'contextlevel' => CONTEXT_COURSE,
1187         'archetypes' => array(
1188             'teacher' => CAP_ALLOW,
1189             'editingteacher' => CAP_ALLOW,
1190             'manager' => CAP_ALLOW
1191         )
1192     ),
1194     'moodle/user:editprofile' => array(
1196         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1198         'captype' => 'write',
1199         'contextlevel' => CONTEXT_USER,
1200         'archetypes' => array(
1201             'manager' => CAP_ALLOW
1202         )
1203     ),
1205     'moodle/user:editownprofile' => array(
1207         'riskbitmask' => RISK_SPAM,
1209         'captype' => 'write',
1210         'contextlevel' => CONTEXT_SYSTEM,
1211         'archetypes' => array(
1212             'guest' => CAP_PROHIBIT,
1213             'user' => CAP_ALLOW,
1214             'manager' => CAP_ALLOW
1215         )
1216     ),
1218     'moodle/user:changeownpassword' => array(
1220         'captype' => 'write',
1221         'contextlevel' => CONTEXT_SYSTEM,
1222         'archetypes' => array(
1223             'guest' => CAP_PROHIBIT,
1224             'user' => CAP_ALLOW,
1225             'manager' => CAP_ALLOW
1226         )
1227     ),
1229     // The next 3 might make no sense for some roles, e.g teacher, etc.
1230     // since the next level up is site. These are more for the parent role
1231     'moodle/user:readuserposts' => array(
1233         'captype' => 'read',
1234         'contextlevel' => CONTEXT_USER,
1235         'archetypes' => array(
1236             'student' => CAP_ALLOW,
1237             'teacher' => CAP_ALLOW,
1238             'editingteacher' => CAP_ALLOW,
1239             'manager' => CAP_ALLOW
1240         )
1241     ),
1243     'moodle/user:readuserblogs' => array(
1245         'captype' => 'read',
1246         'contextlevel' => CONTEXT_USER,
1247         'archetypes' => array(
1248             'student' => CAP_ALLOW,
1249             'teacher' => CAP_ALLOW,
1250             'editingteacher' => CAP_ALLOW,
1251             'manager' => CAP_ALLOW
1252         )
1253     ),
1255     // designed for parent role - not used in legacy roles
1256     'moodle/user:viewuseractivitiesreport' => array(
1257         'riskbitmask' => RISK_PERSONAL,
1259         'captype' => 'read',
1260         'contextlevel' => CONTEXT_USER,
1261         'archetypes' => array(
1262         )
1263     ),
1265     //capabilities designed for the new message system configuration
1266     'moodle/user:editmessageprofile' => array(
1268          'riskbitmask' => RISK_SPAM,
1270          'captype' => 'write',
1271          'contextlevel' => CONTEXT_USER,
1272          'archetypes' => array(
1273              'manager' => CAP_ALLOW
1274          )
1275      ),
1277      'moodle/user:editownmessageprofile' => array(
1279          'captype' => 'write',
1280          'contextlevel' => CONTEXT_SYSTEM,
1281          'archetypes' => array(
1282              'guest' => CAP_PROHIBIT,
1283              'user' => CAP_ALLOW,
1284              'manager' => CAP_ALLOW
1285          )
1286      ),
1288     'moodle/question:managecategory' => array(
1289         'riskbitmask' => RISK_SPAM | RISK_XSS,
1290         'captype' => 'write',
1291         'contextlevel' => CONTEXT_COURSE,
1292         'archetypes' => array(
1293             'editingteacher' => CAP_ALLOW,
1294             'manager' => CAP_ALLOW
1295         )
1296     ),
1298     //new in moodle 1.9
1299     'moodle/question:add' => array(
1300         'riskbitmask' => RISK_SPAM | RISK_XSS,
1301         'captype' => 'write',
1302         'contextlevel' => CONTEXT_COURSE,
1303         'archetypes' => array(
1304             'editingteacher' => CAP_ALLOW,
1305             'manager' => CAP_ALLOW
1306         ),
1307         'clonepermissionsfrom' =>  'moodle/question:manage'
1308     ),
1309     'moodle/question:editmine' => array(
1310         'riskbitmask' => RISK_SPAM | RISK_XSS,
1311         'captype' => 'write',
1312         'contextlevel' => CONTEXT_COURSE,
1313         'archetypes' => array(
1314             'editingteacher' => CAP_ALLOW,
1315             'manager' => CAP_ALLOW
1316         ),
1317         'clonepermissionsfrom' =>  'moodle/question:manage'
1318     ),
1319     'moodle/question:editall' => array(
1320         'riskbitmask' => RISK_SPAM | RISK_XSS,
1321         'captype' => 'write',
1322         'contextlevel' => CONTEXT_COURSE,
1323         'archetypes' => array(
1324             'editingteacher' => CAP_ALLOW,
1325             'manager' => CAP_ALLOW
1326         ),
1327         'clonepermissionsfrom' =>  'moodle/question:manage'
1328     ),
1329     'moodle/question:viewmine' => array(
1330         'captype' => 'read',
1331         'contextlevel' => CONTEXT_COURSE,
1332         'archetypes' => array(
1333             'editingteacher' => CAP_ALLOW,
1334             'manager' => CAP_ALLOW
1335         ),
1336         'clonepermissionsfrom' =>  'moodle/question:manage'
1337     ),
1338     'moodle/question:viewall' => array(
1339         'captype' => 'read',
1340         'contextlevel' => CONTEXT_COURSE,
1341         'archetypes' => array(
1342             'editingteacher' => CAP_ALLOW,
1343             'manager' => CAP_ALLOW
1344         ),
1345         'clonepermissionsfrom' =>  'moodle/question:manage'
1346     ),
1347     'moodle/question:usemine' => array(
1348         'captype' => 'read',
1349         'contextlevel' => CONTEXT_COURSE,
1350         'archetypes' => array(
1351             'editingteacher' => CAP_ALLOW,
1352             'manager' => CAP_ALLOW
1353         ),
1354         'clonepermissionsfrom' =>  'moodle/question:manage'
1355     ),
1356     'moodle/question:useall' => array(
1357         'captype' => 'read',
1358         'contextlevel' => CONTEXT_COURSE,
1359         'archetypes' => array(
1360             'editingteacher' => CAP_ALLOW,
1361             'manager' => CAP_ALLOW
1362         ),
1363         'clonepermissionsfrom' =>  'moodle/question:manage'
1364     ),
1365     'moodle/question:movemine' => array(
1366         'captype' => 'write',
1367         'contextlevel' => CONTEXT_COURSE,
1368         'archetypes' => array(
1369             'editingteacher' => CAP_ALLOW,
1370             'manager' => CAP_ALLOW
1371         ),
1372         'clonepermissionsfrom' =>  'moodle/question:manage'
1373     ),
1374     'moodle/question:moveall' => array(
1375         'captype' => 'write',
1376         'contextlevel' => CONTEXT_COURSE,
1377         'archetypes' => array(
1378             'editingteacher' => CAP_ALLOW,
1379             'manager' => CAP_ALLOW
1380         ),
1381         'clonepermissionsfrom' =>  'moodle/question:manage'
1382     ),
1383     //END new in moodle 1.9
1385     // Configure the installed question types.
1386     'moodle/question:config' => array(
1387         'riskbitmask' => RISK_CONFIG,
1388         'captype' => 'write',
1389         'contextlevel' => CONTEXT_SYSTEM,
1390         'archetypes' => array(
1391             'manager' => CAP_ALLOW
1392         )
1393     ),
1395     // While attempting questions, the ability to flag particular questions for later reference.
1396     'moodle/question:flag' => array(
1397         'captype' => 'write',
1398         'contextlevel' => CONTEXT_COURSE,
1399         'archetypes' => array(
1400             'student' => CAP_ALLOW,
1401             'teacher' => CAP_ALLOW,
1402             'editingteacher' => CAP_ALLOW,
1403             'manager' => CAP_ALLOW
1404         )
1405     ),
1407     'moodle/site:doclinks' => array(
1408         'captype' => 'read',
1409         'contextlevel' => CONTEXT_SYSTEM,
1410         'archetypes' => array(
1411             'teacher' => CAP_ALLOW,
1412             'editingteacher' => CAP_ALLOW,
1413             'manager' => CAP_ALLOW
1414         )
1415     ),
1417     'moodle/course:sectionvisibility' => array(
1419         'captype' => 'write',
1420         'contextlevel' => CONTEXT_COURSE,
1421         'archetypes' => array(
1422             'editingteacher' => CAP_ALLOW,
1423             'manager' => CAP_ALLOW
1424         )
1425     ),
1427     'moodle/course:useremail' => array(
1429         'captype' => 'write',
1430         'contextlevel' => CONTEXT_COURSE,
1431         'archetypes' => array(
1432             'editingteacher' => CAP_ALLOW,
1433             'manager' => CAP_ALLOW
1434         )
1435     ),
1437     'moodle/course:viewhiddensections' => array(
1439         'captype' => 'write',
1440         'contextlevel' => CONTEXT_COURSE,
1441         'archetypes' => array(
1442             'editingteacher' => CAP_ALLOW,
1443             'manager' => CAP_ALLOW
1444         )
1445     ),
1447     'moodle/course:setcurrentsection' => array(
1449         'captype' => 'write',
1450         'contextlevel' => CONTEXT_COURSE,
1451         'archetypes' => array(
1452             'editingteacher' => CAP_ALLOW,
1453             'manager' => CAP_ALLOW
1454         )
1455     ),
1457     'moodle/course:movesections' => array(
1459         'captype' => 'write',
1460         'contextlevel' => CONTEXT_COURSE,
1461         'archetypes' => array(
1462             'editingteacher' => CAP_ALLOW,
1463             'manager' => CAP_ALLOW
1464         ),
1465         'clonepermissionsfrom' => 'moodle/course:update'
1466     ),
1468     'moodle/site:mnetlogintoremote' => array(
1470         'captype' => 'read',
1471         'contextlevel' => CONTEXT_SYSTEM,
1472         'archetypes' => array(
1473         )
1474     ),
1476     'moodle/grade:viewall' => array(
1477         'riskbitmask' => RISK_PERSONAL,
1478         'captype' => 'read',
1479         'contextlevel' => CONTEXT_COURSE, // and CONTEXT_USER
1480         'archetypes' => array(
1481             'teacher' => CAP_ALLOW,
1482             'editingteacher' => CAP_ALLOW,
1483             'manager' => CAP_ALLOW
1484         ),
1485         'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1486     ),
1488     'moodle/grade:view' => array(
1489         'captype' => 'read',
1490         'contextlevel' => CONTEXT_COURSE,
1491         'archetypes' => array(
1492             'student' => CAP_ALLOW
1493         )
1494     ),
1496     'moodle/grade:viewhidden' => array(
1497         'riskbitmask' => RISK_PERSONAL,
1498         'captype' => 'read',
1499         'contextlevel' => CONTEXT_COURSE,
1500         'archetypes' => array(
1501             'teacher' => CAP_ALLOW,
1502             'editingteacher' => CAP_ALLOW,
1503             'manager' => CAP_ALLOW
1504         ),
1505         'clonepermissionsfrom' => 'moodle/course:viewcoursegrades'
1506     ),
1508     'moodle/grade:import' => array(
1509         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1510         'captype' => 'write',
1511         'contextlevel' => CONTEXT_COURSE,
1512         'archetypes' => array(
1513             'editingteacher' => CAP_ALLOW,
1514             'manager' => CAP_ALLOW
1515         ),
1516         'clonepermissionsfrom' => 'moodle/course:managegrades'
1517     ),
1519     'moodle/grade:export' => array(
1520         'riskbitmask' => RISK_PERSONAL,
1521         'captype' => 'read',
1522         'contextlevel' => CONTEXT_COURSE,
1523         'archetypes' => array(
1524             'teacher' => CAP_ALLOW,
1525             'editingteacher' => CAP_ALLOW,
1526             'manager' => CAP_ALLOW
1527         ),
1528         'clonepermissionsfrom' => 'moodle/course:managegrades'
1529     ),
1531     'moodle/grade:manage' => array(
1532         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1533         'captype' => 'write',
1534         'contextlevel' => CONTEXT_COURSE,
1535         'archetypes' => array(
1536             'editingteacher' => CAP_ALLOW,
1537             'manager' => CAP_ALLOW
1538         ),
1539         'clonepermissionsfrom' => 'moodle/course:managegrades'
1540     ),
1542     'moodle/grade:edit' => array(
1543         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1544         'captype' => 'write',
1545         'contextlevel' => CONTEXT_COURSE,
1546         'archetypes' => array(
1547             'editingteacher' => CAP_ALLOW,
1548             'manager' => CAP_ALLOW
1549         ),
1550         'clonepermissionsfrom' => 'moodle/course:managegrades'
1551     ),
1553     // ability to define advanced grading forms in activities either from scratch
1554     // or from a shared template
1555     'moodle/grade:managegradingforms' => array(
1556         'riskbitmask' => RISK_PERSONAL | RISK_XSS,
1557         'captype' => 'write',
1558         'contextlevel' => CONTEXT_COURSE,
1559         'archetypes' => array(
1560             'editingteacher' => CAP_ALLOW,
1561             'manager' => CAP_ALLOW
1562         ),
1563         'clonepermissionsfrom' => 'moodle/course:managegrades'
1564     ),
1566     // ability to save a grading form as a new shared template and eventually edit
1567     // and remove own templates (templates originally shared by that user)
1568     'moodle/grade:sharegradingforms' => array(
1569         'riskbitmask' => RISK_XSS,
1570         'captype' => 'write',
1571         'contextlevel' => CONTEXT_SYSTEM,
1572         'archetypes' => array(
1573             'manager' => CAP_ALLOW
1574         ),
1575     ),
1577     // ability to edit and remove any shared template, even those originally shared
1578     // by other users
1579     'moodle/grade:managesharedforms' => array(
1580         'riskbitmask' => RISK_XSS,
1581         'captype' => 'write',
1582         'contextlevel' => CONTEXT_SYSTEM,
1583         'archetypes' => array(
1584             'manager' => CAP_ALLOW
1585         ),
1586     ),
1588     'moodle/grade:manageoutcomes' => array(
1589         'captype' => 'write',
1590         'contextlevel' => CONTEXT_COURSE,
1591         'archetypes' => array(
1592             'editingteacher' => CAP_ALLOW,
1593             'manager' => CAP_ALLOW
1594         ),
1595         'clonepermissionsfrom' => 'moodle/course:managegrades'
1596     ),
1598     'moodle/grade:manageletters' => array(
1599         'captype' => 'write',
1600         'contextlevel' => CONTEXT_COURSE,
1601         'archetypes' => array(
1602             'editingteacher' => CAP_ALLOW,
1603             'manager' => CAP_ALLOW
1604         ),
1605         'clonepermissionsfrom' => 'moodle/course:managegrades'
1606     ),
1608     'moodle/grade:hide' => array(
1609         'captype' => 'write',
1610         'contextlevel' => CONTEXT_COURSE,
1611         'archetypes' => array(
1612             'editingteacher' => CAP_ALLOW,
1613             'manager' => CAP_ALLOW
1614         )
1615     ),
1617     'moodle/grade:lock' => array(
1618         'captype' => 'write',
1619         'contextlevel' => CONTEXT_COURSE,
1620         'archetypes' => array(
1621             'editingteacher' => CAP_ALLOW,
1622             'manager' => CAP_ALLOW
1623         )
1624     ),
1626     'moodle/grade:unlock' => array(
1627         'captype' => 'write',
1628         'contextlevel' => CONTEXT_COURSE,
1629         'archetypes' => array(
1630             'editingteacher' => CAP_ALLOW,
1631             'manager' => CAP_ALLOW
1632         )
1633     ),
1635     'moodle/my:manageblocks' => array(
1636         'captype' => 'write',
1637         'contextlevel' => CONTEXT_SYSTEM,
1638         'archetypes' => array(
1639             'user' => CAP_ALLOW
1640         )
1641     ),
1643     'moodle/notes:view' => array(
1644         'captype' => 'read',
1645         'contextlevel' => CONTEXT_COURSE,
1646         'archetypes' => array(
1647             'teacher' => CAP_ALLOW,
1648             'editingteacher' => CAP_ALLOW,
1649             'manager' => CAP_ALLOW
1650         )
1651     ),
1653     'moodle/notes:manage' => array(
1654         'riskbitmask' => RISK_SPAM,
1656         'captype' => 'write',
1657         'contextlevel' => CONTEXT_COURSE,
1658         'archetypes' => array(
1659             'teacher' => CAP_ALLOW,
1660             'editingteacher' => CAP_ALLOW,
1661             'manager' => CAP_ALLOW
1662         )
1663     ),
1665     'moodle/tag:manage' => array(
1666         'riskbitmask' => RISK_SPAM,
1668         'captype' => 'write',
1669         'contextlevel' => CONTEXT_SYSTEM,
1670         'archetypes' => array(
1671             'teacher' => CAP_ALLOW,
1672             'editingteacher' => CAP_ALLOW,
1673             'manager' => CAP_ALLOW
1674         )
1675     ),
1677     'moodle/tag:create' => array(
1678         'riskbitmask' => RISK_SPAM,
1680         'captype' => 'write',
1681         'contextlevel' => CONTEXT_SYSTEM,
1682         'archetypes' => array(
1683             'manager' => CAP_ALLOW,
1684             'user' => CAP_ALLOW
1685         )
1686     ),
1688     'moodle/tag:edit' => array(
1689         'riskbitmask' => RISK_SPAM,
1691         'captype' => 'write',
1692         'contextlevel' => CONTEXT_SYSTEM,
1693         'archetypes' => array(
1694             'manager' => CAP_ALLOW,
1695             'user' => CAP_ALLOW
1696         )
1697     ),
1699     'moodle/tag:flag' => array(
1700         'riskbitmask' => RISK_SPAM,
1702         'captype' => 'write',
1703         'contextlevel' => CONTEXT_SYSTEM,
1704         'archetypes' => array(
1705             'manager' => CAP_ALLOW,
1706             'user' => CAP_ALLOW
1707         )
1708     ),
1710     'moodle/tag:editblocks' => array(
1711         'captype' => 'write',
1712         'contextlevel' => CONTEXT_SYSTEM,
1713         'archetypes' => array(
1714             'teacher' => CAP_ALLOW,
1715             'editingteacher' => CAP_ALLOW,
1716             'manager' => CAP_ALLOW
1717         )
1718     ),
1720     'moodle/block:view' => array(
1721         'captype' => 'read',
1722         'contextlevel' => CONTEXT_BLOCK,
1723         'archetypes' => array(
1724             'guest' => CAP_ALLOW,
1725             'user' => CAP_ALLOW,
1726             'student' => CAP_ALLOW,
1727             'teacher' => CAP_ALLOW,
1728             'editingteacher' => CAP_ALLOW,
1729         )
1730     ),
1732     'moodle/block:edit' => array(
1733         'riskbitmask' => RISK_SPAM | RISK_XSS,
1735         'captype' => 'write',
1736         'contextlevel' => CONTEXT_BLOCK,
1737         'archetypes' => array(
1738             'editingteacher' => CAP_ALLOW,
1739             'manager' => CAP_ALLOW
1740         )
1741     ),
1743     'moodle/portfolio:export' => array(
1744         'captype' => 'read',
1745         'contextlevel' => CONTEXT_SYSTEM,
1746         'archetypes' => array(
1747             'user' => CAP_ALLOW,
1748             'student' => CAP_ALLOW,
1749             'teacher' => CAP_ALLOW,
1750             'editingteacher' => CAP_ALLOW,
1751         )
1752     ),
1753     'moodle/comment:view' => array(
1754         'captype' => 'read',
1755         'contextlevel' => CONTEXT_COURSE,
1756         'archetypes' => array(
1757             'frontpage' => CAP_ALLOW,
1758             'guest' => CAP_ALLOW,
1759             'user' => CAP_ALLOW,
1760             'student' => CAP_ALLOW,
1761             'teacher' => CAP_ALLOW,
1762             'editingteacher' => CAP_ALLOW,
1763             'manager' => CAP_ALLOW
1764         )
1765     ),
1766     'moodle/comment:post' => array(
1768         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1769         'captype' => 'write',
1770         'contextlevel' => CONTEXT_COURSE,
1771         'archetypes' => array(
1772             'user' => CAP_ALLOW,
1773             'student' => CAP_ALLOW,
1774             'teacher' => CAP_ALLOW,
1775             'editingteacher' => CAP_ALLOW,
1776             'manager' => CAP_ALLOW
1777         )
1778     ),
1779     'moodle/comment:delete' => array(
1781         'riskbitmask' => RISK_DATALOSS,
1782         'captype' => 'write',
1783         'contextlevel' => CONTEXT_COURSE,
1784         'archetypes' => array(
1785             'editingteacher' => CAP_ALLOW,
1786             'manager' => CAP_ALLOW
1787         )
1788     ),
1789     'moodle/webservice:createtoken' => array(
1791         'riskbitmask' => RISK_CONFIG | RISK_DATALOSS | RISK_SPAM | RISK_PERSONAL | RISK_XSS,
1792         'captype' => 'write',
1793         'contextlevel' => CONTEXT_SYSTEM,
1794         'archetypes' => array(
1795             'manager' => CAP_ALLOW
1796         )
1797     ),
1798     'moodle/webservice:createmobiletoken' => array(
1800         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1801         'captype' => 'write',
1802         'contextlevel' => CONTEXT_SYSTEM,
1803         'archetypes' => array(
1804             'user' => CAP_ALLOW
1805         )
1806     ),
1807     'moodle/rating:view' => array(
1809         'captype' => 'read',
1810         'contextlevel' => CONTEXT_COURSE,
1811         'archetypes' => array(
1812             'user' => CAP_ALLOW,
1813             'student' => CAP_ALLOW,
1814             'teacher' => CAP_ALLOW,
1815             'editingteacher' => CAP_ALLOW,
1816             'manager' => CAP_ALLOW
1817         )
1818     ),
1819     'moodle/rating:viewany' => array(
1821         'riskbitmask' => RISK_PERSONAL,
1822         'captype' => 'read',
1823         'contextlevel' => CONTEXT_COURSE,
1824         'archetypes' => array(
1825             'user' => CAP_ALLOW,
1826             'student' => CAP_ALLOW,
1827             'teacher' => CAP_ALLOW,
1828             'editingteacher' => CAP_ALLOW,
1829             'manager' => CAP_ALLOW
1830         )
1831     ),
1832     'moodle/rating:viewall' => array(
1834         'riskbitmask' => RISK_PERSONAL,
1835         'captype' => 'read',
1836         'contextlevel' => CONTEXT_COURSE,
1837         'archetypes' => array(
1838             'user' => CAP_ALLOW,
1839             'student' => CAP_ALLOW,
1840             'teacher' => CAP_ALLOW,
1841             'editingteacher' => CAP_ALLOW,
1842             'manager' => CAP_ALLOW
1843         )
1844     ),
1845     'moodle/rating:rate' => array(
1847         'captype' => 'write',
1848         'contextlevel' => CONTEXT_COURSE,
1849         'archetypes' => array(
1850             'user' => CAP_ALLOW,
1851             'student' => CAP_ALLOW,
1852             'teacher' => CAP_ALLOW,
1853             'editingteacher' => CAP_ALLOW,
1854             'manager' => CAP_ALLOW
1855         )
1856     ),
1857      'moodle/course:publish' => array(
1859         'captype' => 'write',
1860         'riskbitmask' => RISK_SPAM | RISK_PERSONAL,
1861         'contextlevel' => CONTEXT_SYSTEM,
1862         'archetypes' => array(
1863             'manager' => CAP_ALLOW
1864         )
1865     ),
1866     'moodle/course:markcomplete' => array(
1867         'captype' => 'write',
1868         'contextlevel' => CONTEXT_COURSE,
1869         'archetypes' => array(
1870             'teacher' => CAP_ALLOW,
1871             'editingteacher' => CAP_ALLOW,
1872             'manager' => CAP_ALLOW
1873         )
1874     ),
1875     'moodle/community:add' => array(
1876         'captype' => 'write',
1877         'contextlevel' => CONTEXT_SYSTEM,
1878         'archetypes' => array(
1879             'manager' => CAP_ALLOW,
1880             'teacher' => CAP_ALLOW,
1881             'editingteacher' => CAP_ALLOW,
1882         )
1883     ),
1884     'moodle/community:download' => array(
1885         'captype' => 'write',
1886         'contextlevel' => CONTEXT_SYSTEM,
1887         'archetypes' => array(
1888             'manager' => CAP_ALLOW,
1889             'editingteacher' => CAP_ALLOW,
1890         )
1891     ),
1893     // Badges.
1894     'moodle/badges:manageglobalsettings' => array(
1895         'riskbitmask'  => RISK_DATALOSS | RISK_CONFIG,
1896         'captype'      => 'write',
1897         'contextlevel' => CONTEXT_SYSTEM,
1898         'archetypes'   => array(
1899             'manager'       => CAP_ALLOW,
1900             'student'       => CAP_PREVENT
1901         )
1902     ),
1904     // View available badges without earning them.
1905     'moodle/badges:viewbadges' => array(
1906         'captype'       => 'read',
1907         'contextlevel'  => CONTEXT_SYSTEM,
1908         'archetypes'    => array(
1909             'manager'       => CAP_ALLOW,
1910             'user'          => CAP_ALLOW,
1911             'student'       => CAP_ALLOW
1912         )
1913     ),
1915     // Manage badges on own private badges page.
1916     'moodle/badges:manageownbadges' => array(
1917         'riskbitmap'    => RISK_SPAM | RISK_PERSONAL,
1918         'captype'       => 'write',
1919         'contextlevel'  => CONTEXT_SYSTEM,
1920         'archetypes'    => array(
1921             'user'    => CAP_ALLOW
1922         )
1923     ),
1925     // View public badges in other users' profiles.
1926     'moodle/badges:viewotherbadges' => array(
1927         'riskbitmap'    => RISK_PERSONAL,
1928         'captype'       => 'read',
1929         'contextlevel'  => CONTEXT_USER,
1930         'archetypes'    => array(
1931             'user'    => CAP_ALLOW
1932         )
1933     ),
1935     // Earn badge.
1936     'moodle/badges:earnbadge' => array(
1937         'captype'       => 'write',
1938         'contextlevel'  => CONTEXT_SYSTEM,
1939         'archetypes'    => array(
1940             'user'           => CAP_ALLOW,
1941             'student'        => CAP_ALLOW,
1942         )
1943     ),
1945     // Create/duplicate badges.
1946     'moodle/badges:createbadge' => array(
1947         'riskbitmask'  => RISK_CONFIG | RISK_SPAM,
1948         'captype'      => 'write',
1949         'contextlevel' => CONTEXT_SYSTEM,
1950         'archetypes'   => array(
1951             'manager'        => CAP_ALLOW,
1952             'coursecreator'  => CAP_ALLOW,
1953             'editingteacher' => CAP_ALLOW,
1954             'student'        => CAP_PREVENT
1955         )
1956     ),
1958     // Delete badges.
1959     'moodle/badges:deletebadge' => array(
1960         'riskbitmask'  => RISK_CONFIG | RISK_DATALOSS,
1961         'captype'      => 'write',
1962         'contextlevel' => CONTEXT_SYSTEM,
1963         'archetypes'   => array(
1964             'manager'        => CAP_ALLOW,
1965             'coursecreator'  => CAP_ALLOW,
1966             'editingteacher' => CAP_ALLOW,
1967             'student'        => CAP_PREVENT
1968         )
1969     ),
1971     // Set up/edit badge details.
1972     'moodle/badges:configuredetails' => array(
1973         'riskbitmask'  => RISK_CONFIG,
1974         'captype'      => 'write',
1975         'contextlevel' => CONTEXT_SYSTEM,
1976         'archetypes'   => array(
1977             'manager'        => CAP_ALLOW,
1978             'coursecreator'  => CAP_ALLOW,
1979             'editingteacher' => CAP_ALLOW,
1980             'student'        => CAP_PREVENT
1981         )
1982     ),
1984     // Set up/edit criteria of earning a badge.
1985     'moodle/badges:configurecriteria' => array(
1986         'riskbitmask'  => RISK_CONFIG,
1987         'captype'      => 'write',
1988         'contextlevel' => CONTEXT_SYSTEM,
1989         'archetypes'   => array(
1990             'manager'        => CAP_ALLOW,
1991             'coursecreator'  => CAP_ALLOW,
1992             'editingteacher' => CAP_ALLOW,
1993             'student'        => CAP_PREVENT
1994         )
1995     ),
1997     // Configure badge messages.
1998     'moodle/badges:configuremessages' => array(
1999         'riskbitmask'  => RISK_CONFIG,
2000         'captype'      => 'write',
2001         'contextlevel' => CONTEXT_SYSTEM,
2002         'archetypes'   => array(
2003             'manager'        => CAP_ALLOW,
2004             'coursecreator'  => CAP_ALLOW,
2005             'editingteacher' => CAP_ALLOW,
2006             'student'        => CAP_PREVENT
2007         )
2008     ),
2010     // Award badge to a user.
2011     'moodle/badges:awardbadge' => array(
2012         'riskbitmask'  => RISK_SPAM,
2013         'captype'      => 'write',
2014         'contextlevel' => CONTEXT_SYSTEM,
2015         'archetypes'   => array(
2016             'manager'        => CAP_ALLOW,
2017             'coursecreator'  => CAP_ALLOW,
2018             'teacher'        => CAP_ALLOW,
2019             'editingteacher' => CAP_ALLOW,
2020             'student'        => CAP_PREVENT
2021         )
2022     ),
2024     // View users who earned a specific badge without being able to award a badge.
2025     'moodle/badges:viewawarded' => array(
2026         'riskbitmask'  => RISK_PERSONAL,
2027         'captype'      => 'read',
2028         'contextlevel' => CONTEXT_SYSTEM,
2029         'archetypes'   => array(
2030                 'manager'        => CAP_ALLOW,
2031                 'teacher'        => CAP_ALLOW,
2032                 'editingteacher' => CAP_ALLOW,
2033         )
2034     )
2035 );